> Hi
>
> I am doing one test scenario where the IP addresses are dynamically configured on the interface. Due to this, what I observe is that reauthentication of IKE is happening due to the address change, though the configured IP is not related to any configured policy.
> Is it possible to disable the reauthentication of IKE due to an IP address change? I have also configured "reauth=no" in all the policies to check whether it has any effect, but it seems that it does not take effect.
>
> The configuration is as follows:
>
> 1) Policy 1 is configured on the eth1 interface (1.1.1.1/24) with reauth=no and ikev2
> 2) Policy 2 is configured on eth1:1 (virtual IP address 1.1.1.2/24) with reauth=no and ikev2
>
> Now when ipsec is up, the tunnel will be established properly (both IKE SA and child SA). Then I configured another IP address on eth3 (4.4.4.4/24) using the ifconfig command. The configured IP is visible to strongSwan and due to this it goes for the "reauthenticating IKE_SA due to address change".
> The most strange part is that reauthentication goes only for the virtual IP address configuration (1.1.1.2) but not for the actual IP configured at the interface (eth1, 1.1.1.1).
>
> So I want to know the following information:
>
> 1) Does reauth=no have any effect, or am I doing some wrong configuration?
>
> 2) Is reauth=no applicable to a single policy or as a whole (if configured on a per-policy basis or in default)?
>
> 3) Why is the reauthentication happening for the virtual IP address and not for the actual IP address configured?
>
> Thanks in advance
>
> Regards
> Ujjal.
_______________________________________________
Users mailing list
https://lists.strongswan.org/mailman/listinfo/users
